Automated deployment of proxy, hypervisors and Kubernetes nodes on Ubuntu.

- Updates/upgrades packages
- Installs: curl, htop, nvim, prometheus-node-exporter
- Creates users with sudo access and hashed passwords
- Disables the root user
- Configures bashrc

- Installs QEMU/libvirt (libvirt-daemon-system, qemu-utils, qemu-system-x86, virtinst)
- Creates VM disks and directories
- Downloads ISOs
- Configures VM creation with virt-install

- Installs k3s via the official script
- Starts and enables the k3s service

- Installs nginx and configures reverse proxy sites
- Issues SSL certificates using acme.sh with the Cloudflare DNS challenge
- Creates nginx configs in `/etc/nginx/sites-available` with TLS
- Redirects HTTP (80) to HTTPS (443)
- Sets up systemd timers for automatic certificate renewal

- Configures dynamic DNS for domains
- Creates update scripts per site in `/opt/ddns/`
- Sets up systemd timers for automatic DNS updates
- Integrates with the Cloudflare API

Requirements:

- Ubuntu Server (uses `apt`)
- Cloudflare account (for the ACME DNS challenge and DDNS)

Usage:

- Configure inventory in `inventories/production/hosts`
- Set user passwords in `roles/common/vars/main.yaml` (use hashed passwords)
- Configure VMs in `roles/hypervisor/vars/main.yaml`
- Configure sites in `roles/proxy/vars/main.yaml` (FQDN, proxy pass endpoints)
- Configure domains in `roles/ddns/vars/main.yaml` (domains requiring DDNS)
- Run deployment:
```sh
# Deploy everything
ansible-playbook --inventory inventories/production/hosts --ask-become-pass site.yml

# Deploy specific playbook
ansible-playbook --inventory inventories/production/hosts --ask-become-pass hypervisors.yml
ansible-playbook --inventory inventories/production/hosts --ask-become-pass k8s-nodes.yml
```

Generate a SHA-512 hashed password for `roles/common/vars/main.yaml`:

```sh
python3 -c 'import crypt; print(crypt.crypt("your_password", crypt.mksalt(crypt.METHOD_SHA512)))'
```

Note that the `crypt` module is deprecated since Python 3.11 and removed in Python 3.13; on those versions generate the hash with `openssl passwd -6` instead. Treat the vars file holding the hashes as sensitive (Ansible Vault or outside version control).
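The per-site DDNS update scripts the ddns role places in `/opt/ddns/` are not shown on this page; the script below is an added example of what such an updater looks like, not the project's own code. It assumes a Cloudflare API token scoped to DNS edit on one zone, stored in a root-only 0600 file, placeholder zone/record ids, and a public-IP lookup service; it validates the looked-up address and only calls the API when the address actually changed.

```sh
#!/bin/sh
# Hypothetical per-site DDNS updater (example code, not the project's own).
# Assumptions: TOKEN_FILE holds a Cloudflare token limited to Zone:DNS:Edit,
# ZONE_ID / RECORD_ID are placeholders, api.ipify.org is the IP lookup service.
set -eu
TOKEN_FILE="${TOKEN_FILE:-/etc/ddns/cloudflare.token}"   # chmod 0600, root only
CACHE_FILE="${CACHE_FILE:-/var/cache/ddns/app.example.com.ip}"
ZONE_ID="${ZONE_ID:-PLACEHOLDER_ZONE_ID}"
RECORD_ID="${RECORD_ID:-PLACEHOLDER_RECORD_ID}"
FQDN="${FQDN:-app.example.com}"

# Accept only a dotted-quad IPv4 address with octets 0-255, so a garbage or
# tampered lookup response can never be written into DNS.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
}

# Skip the API call when the cached (last pushed) address is unchanged.
needs_update() {
  [ -r "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
  return 0
}

# Body for PUT /zones/{zone}/dns_records/{record}; a short TTL keeps a stale
# address from lingering in resolver caches after a change.
build_payload() {
  printf '{"type":"A","name":"%s","content":"%s","ttl":120,"proxied":false}' "$1" "$2"
}

push_record() {
  _token="$(cat "$TOKEN_FILE")"
  curl -fsS -X PUT \
    "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
    -H "Authorization: Bearer $_token" -H "Content-Type: application/json" \
    --data "$(build_payload "$FQDN" "$1")" >/dev/null
}

main() {
  _ip="$(curl -fsS https://api.ipify.org)"
  valid_ipv4 "$_ip" || { echo "refusing to publish invalid address: $_ip" >&2; exit 1; }
  needs_update "$_ip" "$CACHE_FILE" || exit 0
  push_record "$_ip"
  install -d -m 0750 "$(dirname "$CACHE_FILE")"
  printf '%s\n' "$_ip" > "$CACHE_FILE"
}
# Run only when invoked with --run (e.g. from the systemd timer's service unit).
case "${1:-}" in --run) main ;; esac
```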